Leicester City Council has mistakenly sent personal details of registered passengers to taxi firms for the third time this year.
Staff from the council’s Passenger and Transport Service (PATS) disclosed, in error, private information to 28 cab firms it has contracts with in January and again in June prompting concerns about data security in the department to be raised with senior officials and city mayor Sir Peter Soulsby.
Despite this, Leicestershire Live reports that the names of 17 vulnerable passengers who require regular transport to the Leicester-based charity for the disabled Mosaic have now been shared with all of the firms holding contracts with the city council rather than the five companies that have a deal to move them. An email to all the firms was sent out by the PATS team at 5.19pm on August 21.
The city council has insisted the data breach ‘poses minimal risk’ to the 17 people but Tory city councillor Ross Grant said he found it hard to understand how it could occur after he raised the two previous matters at the highest levels in the council.
He said: “This is the third such incident of this nature this year from the same council department and again the personal information of vulnerable people has been disclosed to taxi firms that do not need it or want it. It casts doubts whether the issue of data security is being taken seriously if the same issue is recurring again and again.
“It speaks of a culture where the council cannot be trusted to keep people’s data secure.”
After each breach the council has stressed taxi firms on contract have agreed not to share data they receive with third parties under threat of prosecution under the Data Protection Act. Cllr Grant said: “While our processes seem inadequate we are relying on the processes of small companies to be more robust under threat of breach of contract. I have never been proactively told by the PATs team of a breach, even though now they regularly are reported to me.” He said: “The situation is completely unsatisfactory. Who is taking responsibility for this recurring problem? The council’s approach to regular failures is to trust in taxi firms being better than the council is at keeping data secure.”
One cab driver told Leicestershire Live: “Taxi firms keep being sent personal information they do not require and have not asked for. Then they are threatened with prosecution.
“I think we’d all be happier if the council took some decisive action to stop this happening.”
A council spokesman said: “We can confirm an email including the names of 17 passengers was accidentally sent to all taxi firms under contract with the council, when it should have been sent to only five. The email advised that passengers did not need collecting on Bank Holiday Monday.
“It contained only names, and no other personal data. This sort of breach poses minimal risk to the individuals and does not need reporting to the Information Commissioner’s Office under current data protection law criteria.
“Staff have been reminded of their responsibilities in checking data before it is released, and the council has a further programme of data protection training and awareness raising planned as part of our ongoing work in this area.”